Examples of org.apache.cxf.rs.security.saml.assertion.Subject

• org.apache.cxf.rs.security.saml.assertion.Subject

        // signature, subject confirmation, etc
        super.validateToken(message, wrapper);

        // This is specific to OAuth2 path
        // Introduce SAMLOAuth2Validator to be reused between auth and grant handlers
        Subject subject = SAMLUtils.getSubject(message, wrapper);
        if (subject.getName() == null) {
            throw new NotAuthorizedException(errorResponse());
        }

        if (clientId != null && !clientId.equals(subject.getName())) {
            //TODO:  Attempt to map client_id to subject.getName()
            throw new NotAuthorizedException(errorResponse());
        }
        samlOAuthValidator.validate(message, wrapper);
        message.put(OAuthConstants.CLIENT_ID, subject.getName());
    }

    private static final String ROLE_NAMEFORMAT_PROPERTY = "org.apache.cxf.saml.claims.role.nameformat";

    public SecurityContext getSecurityContext(Message message,
            SamlAssertionWrapper wrapper) {
        Claims claims = getClaims(wrapper);
        Subject subject = getSubject(message, wrapper, claims);
        SecurityContext securityContext = doGetSecurityContext(message, subject, claims);
        if (securityContext instanceof SAMLSecurityContext) {
            Element assertionElement = wrapper.getElement();
            ((SAMLSecurityContext)securityContext).setAssertionElement(assertionElement);
        }

            org.apache.cxf.rs.security.saml.assertion.Claim... claim)
        throws Exception {
        List<org.apache.cxf.rs.security.saml.assertion.Claim> claims =
            new ArrayList<org.apache.cxf.rs.security.saml.assertion.Claim>(Arrays.asList(claim));
        SecurityContext sc = new JAXRSSAMLSecurityContext(
                new Subject("user"), claims);
        Message m = new MessageImpl();
        m.setExchange(new ExchangeImpl());
        m.put(SecurityContext.class, sc);
        m.put("org.apache.cxf.resource.method",
               cls.getMethod(methodName, new Class[]{}));

    }

    public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
        org.opensaml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        Subject subject = new Subject();
        NameID nameId = s.getNameID();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());

        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    }

        return true;
    }

    protected void setSecurityContext(Message m, SamlAssertionWrapper assertionWrapper) {
        // don't worry about roles/claims for now, just set a basic SecurityContext
        Subject subject = SAMLUtils.getSubject(m, assertionWrapper);
        final String name = subject.getName();

        if (name != null) {
            final SecurityContext sc = new SecurityContext() {

                public Principal getUserPrincipal() {

        // signature, subject confirmation, etc
        super.validateToken(message, wrapper);

        // This is specific to OAuth2 path
        // Introduce SAMLOAuth2Validator to be reused between auth and grant handlers
        Subject subject = SAMLUtils.getSubject(message, wrapper);
        if (subject.getName() == null) {
            throw new NotAuthorizedException(errorResponse());
        }

        if (clientId != null && !clientId.equals(subject.getName())) {
            //TODO:  Attempt to map client_id to subject.getName()
            throw new NotAuthorizedException(errorResponse());
        }
        samlOAuthValidator.validate(message, wrapper);
        message.put(OAuthConstants.CLIENT_ID, subject.getName());
    }

        return true;
    }

    protected void setSecurityContext(Message m, AssertionWrapper assertionWrapper) {
        // don't worry about roles/claims for now, just set a basic SecurityContext
        Subject subject = SAMLUtils.getSubject(m, assertionWrapper);
        final String name = subject.getName();

        if (name != null) {
            final SecurityContext sc = new SecurityContext() {

                public Principal getUserPrincipal() {

    }

    public static Subject getSubject(Message message, AssertionWrapper assertionW) {
        org.opensaml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        Subject subject = new Subject();
        NameID nameId = s.getNameID();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());

        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    }

        return true;
    }

    protected void setSecurityContext(Message m, AssertionWrapper assertionWrapper) {
        // don't worry about roles/claims for now, just set a basic SecurityContext
        Subject subject = SAMLUtils.getSubject(m, assertionWrapper);
        final String name = subject.getName();

        if (name != null) {
            final SecurityContext sc = new SecurityContext() {

                public Principal getUserPrincipal() {

    private static final String ROLE_NAMEFORMAT_PROPERTY = "org.apache.cxf.saml.claims.role.nameformat";

    public SecurityContext getSecurityContext(Message message,
            AssertionWrapper wrapper) {
        Claims claims = getClaims(wrapper);
        Subject subject = getSubject(message, wrapper, claims);
        return doGetSecurityContext(message, subject, claims);
    }